Enable service accounts in an OU to register SPNs for themselves

I was just installing the Operations Manager 2012 Beta in my lab and I saw a familiar alert in the console:

If you don’t want to fiddle around with manually registering the SPNs, I’ll show you a quick way to enable all accounts in an OU to register SPNs for themselves.

Open adsiedit and connect to the default naming context:

Go to the properties of the OU holding your service accounts:

In the Advanced Security dialog, add SELF and edit the permissions. Go to the Properties tab and check the boxes to allow Read servicePrincipalName and Write servicePrincipalName for the Descendant User objects.
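The same permission can be granted from PowerShell instead of ADSI Edit. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the OU distinguished name is a placeholder to replace with your own.

```powershell
# Added example: scripted equivalent of the ADSI Edit steps above.
# Assumption: $ouDn is a placeholder; replace it with the OU holding your service accounts.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl / Set-Acl

$ouDn = 'OU=Service Accounts,DC=example,DC=com'   # placeholder DN
$path = "AD:\$ouDn"

# Schema GUIDs that scope the ACE to one attribute on one object class
$spnAttr   = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'   # servicePrincipalName attribute
$userClass = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'   # user object class

# Well-known SID for SELF, resolved by SID so it works on any OS language
$self = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-10'

# Allow SELF to read and write servicePrincipalName,
# inherited by descendant user objects only (not the OU itself)
$rights      = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$inheritance = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    -ArgumentList $self, $rights, $allow, $spnAttr, $inheritance, $userClass

# Add the ACE to the OU's existing DACL and write it back
$acl = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Read the DACL back and show only the SELF entries for servicePrincipalName
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference -like '*SELF' -and $_.ObjectType -eq $spnAttr } |
    Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType,
                 InheritanceType, InheritedObjectType -AutoSize
```

The entry applies to every user object under the OU, so keep that OU limited to service accounts.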

After the next restart your Management Server will register its SPNs. You can check if it is working correctly by running these commands: